This is the 7th day of my participation in the August Text Challenge.

Access Token

An access token is a credential used to access a protected resource. It is a string representing an authorization issued to the client, and the string is usually opaque to the client. A token represents a specific scope and duration of access, granted by the resource owner and enforced by the resource server and the authorization server.

A client can obtain a token through any of the four grant types covered in the previous parts.

If the access token request is valid and authorized, the authorization server issues an access token and, optionally, a refresh token.

Response parameters:

| Parameter | Description | Required | Note |
| --- | --- | --- | --- |
| access_token | The access token issued by the authorization server | Required | |
| token_type | Token type | Required | The value is case insensitive |
| expires_in | Lifetime of the access token, in seconds | Recommended | If omitted, the authorization server should provide the expiration time by other means or document a default value |
| refresh_token | The refresh token | Optional | |
| scope | Scope of the access token | Optional | Optional if identical to the scope requested by the client; otherwise required |

Successful response example:

```http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}
```

The client must ignore any unrecognized value names in the response. The sizes of tokens and other values received from the authorization server are left undefined, so clients should avoid making assumptions about value sizes. The authorization server should document the size of any value it issues.

If the request fails client authentication or is otherwise invalid, the authorization server returns an error response.

The authorization server responds with an HTTP 400 (Bad Request) status code (unless specified otherwise) and includes the following parameters in the response:

| Parameter | Description | Required | Note |
| --- | --- | --- | --- |
| error | Error code | Required | |
| error_description | Error description | Optional | Helps the client developer understand the error that occurred |
| error_uri | Error URI | Optional | Points the client developer to additional information about the error |

Error codes:

| Error | Meaning |
| --- | --- |
| invalid_request | The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, uses more than one mechanism for authenticating the client, or is otherwise malformed. |
| invalid_client | Client authentication failed (for example, unknown client, no client authentication included, or unsupported authentication method). The authorization server may return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the `Authorization` request header field, the authorization server must respond with an HTTP 401 (Unauthorized) status code and include a `WWW-Authenticate` response header field matching the authentication scheme used by the client. |
| invalid_grant | The provided authorization grant (such as an authorization code or resource owner credentials) or refresh token is invalid, expired, or revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
| unauthorized_client | The authenticated client is not authorized to use this authorization grant type. |
| unsupported_grant_type | The authorization grant type is not supported by the authorization server. |
| invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |

Example error response:

```http
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "error":"invalid_request"
}
```
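To tie the success and error tables together, here is an added client-side parser for the token endpoint response (example code written for this post, not from any OAuth library). It applies the rules above: required parameters are checked, unrecognized parameters such as `example_parameter` are ignored, `token_type` is treated case-insensitively, a missing `scope` is taken to equal the requested scope, and a 400 response is turned into a structured error. The JSON bodies are constructed samples, and `parse_token_response` and `TokenError` are names chosen for this example.

```python
import json
import time

# Constructed sample bodies for the demonstration (not captured from a real server).
SUCCESS_BODY = ('{"access_token":"2YotnFZFEjr1zCsicMWpAA","token_type":"example",'
                '"expires_in":3600,"refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",'
                '"example_parameter":"example_value"}')
ERROR_BODY = '{"error":"invalid_request"}'

# Error codes defined for the token endpoint (RFC 6749 section 5.2).
KNOWN_ERRORS = {"invalid_request", "invalid_client", "invalid_grant",
                "unauthorized_client", "unsupported_grant_type", "invalid_scope"}


class TokenError(Exception):
    """Raised for an error response; carries error, error_description and error_uri."""
    def __init__(self, code, description=None, uri=None):
        super().__init__(f"{code}: {description or 'no description'}")
        self.code, self.description, self.uri = code, description, uri


def parse_token_response(status, body, requested_scope, now=None):
    """Validate a token endpoint response and return only the fields a client may rely on."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        # Error responses use HTTP 400 (401 for some invalid_client cases); "error" is required.
        code = data.get("error")
        if not isinstance(code, str) or not code:
            raise ValueError("error response without an 'error' code")
        # Unknown codes are still surfaced, but marked so the caller does not mishandle them.
        if code not in KNOWN_ERRORS:
            code = f"unknown:{code}"
        raise TokenError(code, data.get("error_description"), data.get("error_uri"))
    for required in ("access_token", "token_type"):
        if not isinstance(data.get(required), str) or not data[required]:
            raise ValueError(f"token response missing required parameter {required!r}")
    expires_in = data.get("expires_in")
    if expires_in is not None and (isinstance(expires_in, bool)
                                   or not isinstance(expires_in, int) or expires_in <= 0):
        raise ValueError("expires_in must be a positive integer number of seconds")
    now = time.time() if now is None else now
    # Unrecognized parameters (e.g. example_parameter) are deliberately dropped here.
    return {
        "access_token": data["access_token"],
        "token_type": data["token_type"].lower(),      # type names are case insensitive
        "expires_at": None if expires_in is None else now + expires_in,
        "refresh_token": data.get("refresh_token"),    # optional
        "scope": data.get("scope", requested_scope),   # omitted => same as requested
    }
```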